4b412ac926aaed11a9c335827d7c37d972399d0d - openbmc/phosphor-rest-server

commit	4b412ac926aaed11a9c335827d7c37d972399d0d	[log] [tgz]
author	Deepak Kodihalli <dkodihal@in.ibm.com>	Mon Oct 15 12:45:18 2018 -0500
committer	Brad Bishop <bradleyb@fuzziesquirrel.com>	Tue Oct 16 12:58:26 2018 +0000
tree	7effd83582eff343614707c41f336e47a224f316
parent	844bb4e13bf53905f899760e1f4435576f334b11 [diff]

LDAP config: don't log bind password

Add a way to prevent json body logging for routes with sensitive data
such as passwords.

This is basically done via a list of URLs. Add the LDAP create config
URL to this list.

Tested:

Before:
phosphor-gevent[1481]: <BMC IP> user:root POST
http://127.0.0.1:8081/xyz/openbmc_project/user/ldap/action/CreateConfig
json:{u'data': [False, u'ldap://<LDAP server IP>/',
u'cn=Sivas,cn=Users,dc=Corp,dc=ibm,dc=com',
u'cn=Users,dc=Corp,dc=ibm,dc=com', u'<password>',
u'xyz.openbmc_project.User.Ldap.Create.SearchScope.sub',
u'xyz.openbmc_project.User.Ldap.Create.Type.ActiveDirectory']} 200 OK

After:
phosphor-gevent[1710]: <BMC IP> user:root POST
http://127.0.0.1:8081/xyz/openbmc_project/user/ldap/action/CreateConfig
json:None 200 OK

Change-Id: I99979e5e373784c7eabb55861dae70bb283859a4
Signed-off-by: Deepak Kodihalli <dkodihal@in.ibm.com>

module/obmc/wsgi/apps/rest_dbus.py[diff]

1 file changed

tree: 7effd83582eff343614707c41f336e47a224f316